How to Pass PCI Compliance Audits

Let’s dive in and look at some reports you can use to help you pass PCI Compliance audits.

Pass PCI Compliance Audits: The Reports You Might Find Useful

Check if Software is Up-to-Date

An important part of PCI audits is checking that software is up-to-date, particularly those applications that are notorious for vulnerabilities and exploits. A few key applications that PCI Compliance auditors would look for are IE, Flash, and Java. Save yourself some work in the long run by having a report all ready to go.

You can follow these same steps for any application; for this example, let’s use Flash. In the following steps, PDQ Inventory Enterprise mode is used to create reports, although you can accomplish the same results using the free download of PDQ Inventory. You’ll just have to create a new report and set up the filters yourself. (Note that filters for collections and reports are used in essentially the same way.)

In the Collection Library, select Flash IE (Old) and then select the “From Collection” option from the New Report drop-down. This will automatically create a report using the same filters and information that created the collection. You can do this with any collection, not just the ones in the Collection Library. But since the Collection Library filters are already set up and ready to go, you may as well take advantage of that.

With a newly created report you’ll be able to print or export the needed information for the auditor or other curious eyes.

Staying Up-to-Date on Applications

If you want to make sure your report shows all your computers are up-to-date, set up some Auto Deployments. Flash, Java, and IE (and so much more) can all be set up to deploy automatically when an out-of-date version is detected.

Point-of-Sale Machines

Point-of-Sale computers face far more scrutiny than other computers. You’ll want to have a report ready to show all software installed on those machines to pass PCI compliance audits. Here’s how you can build a report to show what is on your Windows POS machines.

First, create a collection with your POS computers. Create a static collection (click the static collection button in the toolbar up top) and select computers.

You can also create a dynamic collection based on criteria such as AD Group Membership or based on computers having a particular piece of POS software installed. Using a dynamic collection means that computers will be automatically added to the collection based on the criteria you set. This is a great way to maintain an up-to-date collection.

Then it’s time to run your report. Select your newly created Point-of-Sale collection and then go to Report > Run Report > Applications to run the applications report, or right-click on the collection to access the same Run Report options.

Now you have a report of all POS computers and what applications are installed on them. Hit the Print Preview button to print (naturally) or to export this report as a PDF, CSV, or many other file types.
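
An added example (not from the original article and not PDQ's own code) that post-processes an exported applications report for both checks described above: software below a minimum version, and software on POS machines that is not on an approved list. The CSV column names (Computer, Application, Version), the policy table and the sample rows are assumptions constructed for illustration; versions are compared numerically because a plain string comparison would rank 9.0.0.45 above 32.0.0.101.

```python
import csv
import io

# Constructed sample of an exported Applications report. The column names are
# assumptions, not a documented export layout; match them to your own CSV.
SAMPLE_EXPORT = """Computer,Application,Version
POS-01,Adobe Flash Player 32 ActiveX,32.0.0.101
POS-02,Adobe Flash Player 32 ActiveX,9.0.0.45
POS-02,Remote Toolbar,1.2
POS-03,Java 8 Update 201,
"""

# Hypothetical policy: approved application name prefix -> minimum version.
POLICY = {"Adobe Flash Player": "32.0.0.101", "Java 8": "8.0.2010.9"}

def parse_version(text):
    """Turn '32.0.0.101' into (32, 0, 0, 101); None if not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(found, minimum):
    """Compare numerically, padding so 1.2 and 1.2.0 count as equal."""
    width = max(len(found), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(minimum)

def audit(export_text, policy):
    """Return sorted (computer, application, version, finding) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["Application"].strip()
        raw = (row["Version"] or "").strip()
        prefix = next((p for p in policy if name.lower().startswith(p.lower())), None)
        if prefix is None:
            finding = "not on approved list"
        elif parse_version(raw) is None:
            finding = "version missing or unparseable"
        elif is_older(parse_version(raw), parse_version(policy[prefix])):
            finding = "below minimum " + policy[prefix]
        else:
            continue
        findings.append((row["Computer"].strip(), name, raw, finding))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, POLICY):
        print(" | ".join(finding))
```

Rows with a missing or non-numeric version are reported rather than skipped, so a blank field in the export cannot hide an out-of-date install.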

While you’re at it…

While you’re building and running these reports you might want to consider adding a few more reports for your information.

Hardware Assessment. Now is a good time to look over machines and see what computers might need upgrades this year. For example, you could create a report to tell you which machines have lower amounts of memory. Now you know what budget requests you might need to make or how to allocate your IT budget. Again, this is where the Collection Library comes in handy. In the left-side tree you can navigate to Collection Library > Hardware > Disks.

To create a report, with the collection of interest selected, go up to Report > Run Report > Memory Modules. You may want to adjust the value column to the number of GB you’re interested in reporting on. Edit the report (with Pro or Enterprise level) by clicking Define Report.

Software Counts. Another good thing to check is whether your company is compliant with licensing agreements. Mark a date in your calendar annually to run the Application Count report (Report > Run Report > Application Count). Select the collection you want to report on or just do this for all computers, whatever makes sense in your environment.